terraform管理本地K8S集群

1 关于terraform

terraform是一个开源的基础设施即代码的自动化编排工具，用于管理各种不同厂商的各种云服务。不仅可以避免人工操作的麻烦，也可以降低手误的概率，同时还能对资源的变更进行跟踪记录。

2 安装terraform

直接通过yum安装，不过需要先添加对应的repo

yum install -y yum-utils
yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
yum -y install terraform

3 配置使用本地K8S集群

要管理集群，肯定需要有账号和权限，因为我的集群是通过kubeadm创建的，因此我的admin配置文件就是/etc/kubernetes/admin.conf，同时我们的集群provider是kubernetes，可以理解为一个专门的驱动，用于解析对k8s集群资源的操作

provider "kubernetes" {
  config_path   = "/etc/kubernetes/admin.conf"
}

4 创建资源

我们以新建一个namespace为例，在本地k8s集群里创建新的资源，

resource "kubernetes_namespace" "nginx-test" {
  metadata {
    name = "nginx"
  }
}

资源类型为kubernetes_namespace，资源名称为nginx-test，这个资源名称并不重要，我们真正的namespace名称由meadata指定，也就是nginx。

然后就是terraform的三部曲，init->plan->apply,

• init主要是为了初始化运行环境，下载和安装一些依赖模块
• plan则是实现查看变更的资源是否是我们预期的，这一步并不会真正执行资源修改操作
• apply才是最终执行资源变更

[root@master terraform]# terraform init

Initializing the backend...

Initializing provider plugins...
- Reusing previous version of hashicorp/kubernetes from the dependency lock file
- Using previously-installed hashicorp/kubernetes v2.7.1

Terraform has been successfully initialized!
...
[root@master terraform]# terraform plan

Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # kubernetes_namespace.nginx-test will be created
  + resource "kubernetes_namespace" "nginx-test" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "nginx"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
...
[root@master terraform]# terraform apply

Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # kubernetes_namespace.nginx-test will be created
  + resource "kubernetes_namespace" "nginx-test" {
      + id = (known after apply)

      + metadata {
          + generation       = (known after apply)
          + name             = "nginx"
          + resource_version = (known after apply)
          + uid              = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

kubernetes_namespace.nginx-test: Creating...
kubernetes_namespace.nginx-test: Creation complete after 0s [id=nginx]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

apply成功后，我们可以通过kubectl查看下对应资源是否创建，

[root@master terraform]# kubectl get ns 
NAME                   STATUS   AGE
nginx                  Active   5s

可见，nginx这个namespace已经被成功创建。

---

参考文档：

1. https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs